Overview
- Application and deployment services allow you to implement logic and code in the cloud
- Some services provide code execution, and others offer data analytics
- Selecting the appropriate service is essential and requires an understanding of its capabilities
Lambda Service
- AWS compute service that runs code without servers
- Runs code only as needed
- Scales automatically
- Can scale up to thousands of requests per second
- Billed by compute time
- Automated management
- Server Maintenance
- Operating System Maintenance
- Capacity Scaling
- Code Monitoring
- Logging
- Multiple Language Support
- Node.js
- Python
- Java
- Ruby
- C#
- Go
- PowerShell
- Maximum execution time is 15 minutes per invocation (the default timeout is 3 seconds; raise it per function as needed)
Lambda Use Process
- Customer builds the code
- Customer launches the code as Lambda function
- AWS selects the server
- Customer calls lambda function as needed from applications
When to Use Lambdas
- Application logic decoupling
- When extra compute power is needed for resource-intensive tasks that can't run on the local server
- Offloading heavy tasks onto the AWS cloud
API Gateway
- API Management in the cloud
- Create
- Publish
- Maintain
- Monitor
- Secure
- API methods integrate with many backend targets
- Lambda functions, AWS services, or data stored in AWS
- Another web service (HTTP endpoint)
Serverless Architecture
- Serverless is the native architecture of the cloud that enables you to shift more of your operational responsibilities to the cloud service provider
- Moves data in and out of the cloud without managing instances
- Runs functions without managing instances
- Lambda
- API Gateway
Cross-Origin Resource Sharing (CORS)
- Browser mechanism that lets a server state which other origins (scheme + host + port) may read its responses
- Can be enabled on API Gateway, which then answers OPTIONS preflight requests and adds the Access-Control-Allow-* headers
- Default is same-origin only: browsers block cross-origin responses that lack the headers
- If not set up/configured, browser clients see unexpected errors even though the API itself answered
- CORS is not server-side access control: requests still need authentication, and an allowed origin of "*" must not be combined with credentialed requests
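The three sections above (Lambda, API Gateway, CORS) come together in one function. The following is an added example, not code from the course notes: a Lambda handler behind an API Gateway Lambda proxy integration that handles CORS itself, including the OPTIONS preflight. The allowed-origin list, the /items route and the sample events are constructed; the event fields used (httpMethod, path, headers, body) are those of the REST API proxy integration, and the function runs offline without AWS credentials.

```python
"""Added example (not from the course notes): a Lambda function behind an
API Gateway Lambda proxy integration that handles CORS itself.

Assumptions (constructed for illustration): the allowed-origin list, the
/items route and the sample events.  The event fields used (httpMethod,
path, headers, body) are those of the REST API proxy integration; the
function runs offline with no AWS credentials.
"""
import json

# Constructed allow-list: only these browser origins may read responses.
# Never echo an arbitrary Origin header back, and never combine "*" with
# Access-Control-Allow-Credentials: true.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers(origin):
    """Return CORS headers only for an allow-listed origin (else none)."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type,Authorization",
        "Access-Control-Max-Age": "600",
        # Tell caches the response varies by Origin, since we echo it.
        "Vary": "Origin",
    }


def _json(status, body, cors):
    headers = {"Content-Type": "application/json", **cors}
    return {"statusCode": status, "headers": headers, "body": json.dumps(body)}


def lambda_handler(event, context=None):
    """Entry point API Gateway invokes (proxy integration response shape)."""
    method = event.get("httpMethod", "GET")
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    origin = headers.get("origin", "")
    cors = cors_headers(origin)

    # Preflight: the browser sends OPTIONS before a non-simple request.
    # Answer 204 with the CORS headers; an unknown origin gets no headers,
    # so the browser refuses to send the real request.
    if method == "OPTIONS":
        return {"statusCode": 204, "headers": cors, "body": ""}

    if event.get("path") != "/items":
        return _json(404, {"error": "not found"}, cors)

    if method == "GET":
        return _json(200, {"items": ["a", "b"]}, cors)

    if method == "POST":
        try:
            payload = json.loads(event.get("body") or "{}")
        except json.JSONDecodeError:
            return _json(400, {"error": "body is not JSON"}, cors)
        if not isinstance(payload.get("name"), str):
            return _json(400, {"error": "name (string) required"}, cors)
        return _json(201, {"created": payload["name"]}, cors)

    return _json(405, {"error": "method not allowed"}, cors)


if __name__ == "__main__":
    # Constructed sample events, shaped as API Gateway would deliver them.
    preflight = {"httpMethod": "OPTIONS", "path": "/items",
                 "headers": {"Origin": "https://app.example.com"}}
    print(lambda_handler(preflight))
    other_site = {"httpMethod": "GET", "path": "/items",
                  "headers": {"Origin": "https://evil.example"}}
    print(lambda_handler(other_site))
```

Note that the request from the non-allow-listed origin still gets a 200 from the function: CORS only decides whether the browser lets that page read the response. Anything that must not be readable by unauthenticated callers needs an authorizer on the API method, not a CORS setting.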
Kinesis
- Used for processing streaming data
- Provides real-time data analytics
- Multi-tier/application decoupling enabler
- Separates analytics from data ingestion, so producers and consumers scale independently
- Very DevOps focused
- Of conceptual importance for an architect
Kinesis Operating Models
- Kinesis Data Streams
- Ingests records into shards; your own consumers read and process them
- Kinesis Data Firehose
- Delivers a stream continuously into a data store, optionally transforming it on the way; no consumer code to run
- Kinesis Data Analytics
- Kinesis Video Streams
Kinesis Benefits
- Architecture is fully managed
- Little or no custom coding is required for ingestion and delivery (consumer logic on Data Streams is still your code)
- Configure producers
- Configure consumers
- Focus is on the analytics
Kinesis Data Streams
Input -> Kinesis Data Streams -> Processing Tools -> Output
Ingests and stores records in "shards" (the stream's units of throughput capacity; a record's partition key decides its shard); consumers read from the shards and output to BI tools.
Kinesis Data Streams provides streaming data to processing tools such as Kinesis Data Analytics, Lambda, and custom code on EC2 instances.
Kinesis Data Firehose
Input -> Kinesis Data Firehose -> Data Stores -> Output
Processes (optionally transforms with Lambda) and loads the data continuously into the destination.
Kinesis Data Firehose can take data from a data stream or directly from producers and place it into an S3 bucket, Redshift, Elasticsearch (now OpenSearch) and Splunk.
Kinesis Video Streams
Input -> Kinesis Video Streams -> Output
Camera streams, with outputs for ML, video processing etc.
Kinesis Video Streams can feed video to Amazon Rekognition Video, TensorFlow, Apache MXNet, and custom video processing apps.
Kinesis Data Analytics
- Analyzes real-time data streams
- Based on standard SQL queries
- Once processed, Kinesis Data Analytics can send the results to other tools for alerting and real-time responses
- Supported output destinations (directly or via Firehose)
- Redshift
- S3
- Elasticsearch
- Lambda
- Kinesis Data Streams
Input (stream) -> Kinesis Data Analytics (SQL) -> Output (BI tools)
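Shards are the capacity unit the notes keep referring to, so it helps to see how a record picks one. This is an added example, not from the course material: Kinesis Data Streams takes the MD5 of the record's partition key as a 128-bit integer and routes the record to the shard whose hash-key range contains it; a producer can bypass that with an explicit hash key. The shard ranges are constructed to mirror what DescribeStream returns (StartingHashKey/EndingHashKey) and no AWS calls are made.

```python
"""Added example (not from the notes): how Kinesis Data Streams routes a
record to a shard.  Kinesis takes the MD5 of the partition key as a 128-bit
integer and picks the shard whose hash-key range contains it; a producer can
override this with an explicit hash key.  Shard ranges below are constructed
to mirror what DescribeStream returns (StartingHashKey/EndingHashKey); the
partition keys are made up and no AWS calls are made.
"""
import hashlib
from collections import Counter

MAX_HASH = 2**128 - 1


def hash_key(partition_key):
    """128-bit integer Kinesis derives from the partition key (MD5, big-endian)."""
    digest = hashlib.md5(partition_key.encode("utf-8")).digest()
    return int.from_bytes(digest, "big")


def even_shard_ranges(n):
    """Split the 128-bit key space into n contiguous ranges, as CreateStream does."""
    size = (MAX_HASH + 1) // n
    shards = []
    for i in range(n):
        start = i * size
        end = MAX_HASH if i == n - 1 else (i + 1) * size - 1
        shards.append({"ShardId": f"shardId-{i:012d}",
                       "HashKeyRange": {"StartingHashKey": str(start),
                                        "EndingHashKey": str(end)}})
    return shards


def shard_for(shards, partition_key, explicit_hash_key=None):
    """Return the ShardId a record with this key lands on."""
    key = int(explicit_hash_key) if explicit_hash_key is not None else hash_key(partition_key)
    for shard in shards:
        rng = shard["HashKeyRange"]
        if int(rng["StartingHashKey"]) <= key <= int(rng["EndingHashKey"]):
            return shard["ShardId"]
    raise ValueError("hash key outside all shard ranges")


def shard_distribution(shards, partition_keys):
    """Count records per shard: a way to spot a hot shard before it throttles."""
    return Counter(shard_for(shards, k) for k in partition_keys)


if __name__ == "__main__":
    shards = even_shard_ranges(4)
    # Constructed keys: one tenant id reused for everything (hot shard)
    # versus a distinct key per event (spread across shards).
    hot = ["tenant-42"] * 100
    spread = [f"event-{i}" for i in range(100)]
    print("hot   :", shard_distribution(shards, hot))
    print("spread:", shard_distribution(shards, spread))
```

The distribution check is the practical part: a stream with four shards still throttles at one shard's write limit if every producer uses the same partition key, because all of those records hash to the same range.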
Reference Architecture
- Can be thought of as a template/design recommendation for implementing an entire solution that complies with a set of requirements
- AWS Well-Architected Framework: pillar-based best practices that reference architectures are reviewed against
- Architecture plans/recommendations for specific compliance scenarios
- HIPAA
- PCI DSS
- UK-OFFICIAL etc.
CloudFront
- Content Delivery Network (CDN)
- Distributes content to localized regions
- Reduces latency
- Provides higher data transfer speeds
- It uses regional edge caches and edge locations to provide localized content
- Used to accelerate static and dynamic web content, video on demand and live streaming
Implementation Considerations
- Content Source (origin)
- S3 buckets
- AWS Elemental MediaPackage channel
- HTTP servers
- Content Access
- Public
- Restricted (signed URLs or signed cookies; a private S3 origin reachable only through CloudFront)
- Content Constraints
- HTTPS required (redirect HTTP to HTTPS or reject it)
- Geo-restrictions
Web Application Firewall (WAF)
- Filters HTTP and HTTPS requests before they reach your servers
- Based on request content (URI, headers, body, query string) and request rate
- Based on source IP address or country
- Works with CloudFront, Application Load Balancers and API Gateway
WAF Behaviors (web ACL default action)
- Allow all requests
- Except for the ones your rules block (blocklist: default action = allow)
- Block all requests
- Except for the ones your rules allow (allowlist: default action = block)
- Count (monitoring)
- Requests that match a rule are counted and logged, but that rule neither allows nor blocks them
WAF Operations
- Error handling
- Blocked requests receive HTTP 403 (Forbidden) by default
- Configurable default behaviour
- What happens when the request doesn't match any rule
- Allow
- Block
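The evaluation order above is easy to get wrong when mixing allow, block and count rules, so here is an added example (not from the notes and not real AWS rule syntax) that models how a web ACL decides: rules run in priority order, the first matching ALLOW or BLOCK rule terminates evaluation, a COUNT rule only records the match, and the default action applies when nothing terminated. The rules, IP ranges and sample requests are constructed; the SQL-injection matcher is a toy stand-in for the managed rule, not a real detector.

```python
"""Added example (not from the notes): a small model of how a WAF web ACL
evaluates a request.  Rules are checked in priority order; the first rule
that matches with an ALLOW or BLOCK action terminates evaluation, a COUNT
rule only records the match and evaluation continues; if nothing terminates,
the web ACL's default action applies.  The rules, IP sets and sample
requests are constructed for illustration (not real AWS rule syntax).
"""
import ipaddress
import re

FORBIDDEN = 403  # WAF returns 403 for blocked requests unless a custom response is set


def ip_in_set(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def body_has_sqli(body):
    """Toy stand-in for the managed SQLi match statement (not a real detector)."""
    return re.search(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*'?1'?\s*=\s*'?1)", body or "") is not None


def evaluate(web_acl, request):
    """Return (action, terminating_rule_name_or_None, counted_rule_names)."""
    counted = []
    for rule in sorted(web_acl["rules"], key=lambda r: r["priority"]):
        if not rule["match"](request):
            continue
        if rule["action"] == "COUNT":
            counted.append(rule["name"])
            continue
        return rule["action"], rule["name"], counted
    return web_acl["default_action"], None, counted


def status_code(action):
    return 200 if action == "ALLOW" else FORBIDDEN


# Constructed blocklist-style web ACL: allow everything except what rules block.
BLOCKLIST_ACL = {
    "default_action": "ALLOW",
    "rules": [
        {"name": "admin-ip-allow", "priority": 0, "action": "ALLOW",
         "match": lambda r: r["uri"].startswith("/admin") and ip_in_set(r["ip"], ["10.0.0.0/8"])},
        {"name": "admin-block", "priority": 1, "action": "BLOCK",
         "match": lambda r: r["uri"].startswith("/admin")},
        {"name": "sqli-count", "priority": 2, "action": "COUNT",
         "match": lambda r: body_has_sqli(r.get("body"))},
        {"name": "bad-ips", "priority": 3, "action": "BLOCK",
         "match": lambda r: ip_in_set(r["ip"], ["203.0.113.0/24"])},
    ],
}

# Same rules with an allowlist default: only explicitly allowed traffic passes.
ALLOWLIST_ACL = {"default_action": "BLOCK", "rules": BLOCKLIST_ACL["rules"]}

if __name__ == "__main__":
    requests = [  # constructed sample requests
        {"ip": "10.1.2.3", "uri": "/admin/users", "body": ""},
        {"ip": "198.51.100.7", "uri": "/admin/users", "body": ""},
        {"ip": "198.51.100.7", "uri": "/search", "body": "q=' OR '1'='1"},
        {"ip": "203.0.113.9", "uri": "/", "body": ""},
    ]
    for acl_name, acl in (("blocklist", BLOCKLIST_ACL), ("allowlist", ALLOWLIST_ACL)):
        for req in requests:
            action, rule, counted = evaluate(acl, req)
            print(acl_name, req["ip"], req["uri"], "->", status_code(action), rule, counted)
```

Two things the run makes visible: the order of "admin-ip-allow" before "admin-block" is what lets internal addresses through, and a rule left in COUNT mode (the usual way to trial a managed rule) never protects anything on its own; the SQLi request passes under the blocklist default and is only stopped when the default action is block.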
Simple Queue Service (SQS)
- Used to decouple applications
- Breaks apps into separate processing tasks/steps
- Allows many small processes to form a complete solution
SQS Messages
- Outputs from other processes, inputs to other processes
- Queued messages are processed asynchronously, not in a fixed order (standard queues)
- Can carry up to 256 KB of data
SQS Features
- Redundant across multiple AZs
- Queued until processed (a consumer must delete a message after handling it, or it is delivered again once its visibility timeout expires)
- Retention up to 14 days
- Automatically scaled
SQS Participants
- Message producers: put messages in the queue
- Message consumers: pull messages from the queue
- Messaging service: the SQS back end
SQS Queue Types
- Standard: default type; at-least-once delivery with best-effort ordering and nearly unlimited throughput
- First-in-first-out (FIFO): guarantees ordering and exactly-once processing, but supports fewer transactions per second
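The two queue types differ in what the consumer has to defend against, which is clearer in code than in a table. This is an added example, not from the notes: an in-memory model of a standard queue (at-least-once: a message received but not deleted before its visibility timeout comes back) and a FIFO queue (duplicate MessageDeduplicationId within the 5-minute window dropped, per-message-group ordering kept). Time is a simulated integer in seconds and the messages are constructed; the real service has the same semantics behind an HTTP API.

```python
"""Added example, not from the notes: an in-memory model of the two SQS queue
types showing what a consumer must code for.  A standard queue is at-least-once:
a received message that is not deleted before its visibility timeout expires is
delivered again.  A FIFO queue drops a repeat MessageDeduplicationId within a
5-minute window and keeps per-message-group order.  The 256 KB limit is checked
on send.  Time is a simulated integer (seconds); messages are constructed.
"""
import itertools

MAX_MESSAGE_BYTES = 256 * 1024
FIFO_DEDUP_WINDOW = 300  # seconds


class StandardQueue:
    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self._ids = itertools.count(1)
        self._msgs = {}  # id -> {"body", "invisible_until", "receives", "group"}

    def send(self, body):
        if len(body.encode("utf-8")) > MAX_MESSAGE_BYTES:
            raise ValueError("message over 256 KB: store the payload in S3 and send a pointer")
        mid = str(next(self._ids))
        self._msgs[mid] = {"body": body, "invisible_until": 0, "receives": 0, "group": None}
        return mid

    def _deliver(self, mid, now):
        m = self._msgs[mid]
        m["invisible_until"] = now + self.visibility_timeout  # hidden, not deleted
        m["receives"] += 1
        return mid, f"{mid}:{m['receives']}"  # receipt handle changes per receive

    def receive(self, now):
        """Return (id, receipt) of any visible message, or None."""
        for mid, m in self._msgs.items():
            if m["invisible_until"] <= now:
                return self._deliver(mid, now)
        return None

    def delete(self, receipt):
        """The consumer must delete after processing, or the message comes back."""
        self._msgs.pop(receipt.split(":")[0], None)


class FifoQueue(StandardQueue):
    def __init__(self, visibility_timeout=30):
        super().__init__(visibility_timeout)
        self._seen = {}  # dedup id -> time first accepted

    def send(self, body, group_id, dedup_id, now):
        if dedup_id in self._seen and now - self._seen[dedup_id] < FIFO_DEDUP_WINDOW:
            return None  # duplicate (e.g. producer retry): accepted but not enqueued
        self._seen[dedup_id] = now
        mid = super().send(body)
        self._msgs[mid]["group"] = group_id
        return mid

    def receive(self, now):
        """Oldest visible message whose group has nothing in flight (preserves order)."""
        inflight = {m["group"] for m in self._msgs.values() if m["invisible_until"] > now}
        for mid, m in self._msgs.items():  # dict keeps insertion (send) order
            if m["invisible_until"] <= now and m["group"] not in inflight:
                return self._deliver(mid, now)
        return None


def demo_redelivery():
    """Standard queue: a consumer that crashes before delete sees the message again."""
    q = StandardQueue(visibility_timeout=30)
    q.send("order-1")
    first = q.receive(now=0)            # consumer crashes, never deletes
    hidden = q.receive(now=10)          # still invisible: None
    second = q.receive(now=31)          # redelivered: at-least-once
    return hidden is None and first[0] == second[0] and second[1].endswith(":2")


def demo_fifo_dedup():
    """FIFO queue: retry with the same dedup id is dropped, group order kept."""
    q = FifoQueue()
    a = q.send("pay-1", group_id="cust-7", dedup_id="pay-1", now=0)
    dup = q.send("pay-1", group_id="cust-7", dedup_id="pay-1", now=5)  # producer retry
    b = q.send("pay-2", group_id="cust-7", dedup_id="pay-2", now=6)
    first = q.receive(now=7)
    blocked = q.receive(now=8)          # same group in flight: None
    q.delete(first[1])
    second = q.receive(now=9)
    return dup is None and first[0] == a and blocked is None and second[0] == b
```

The consequence for a standard-queue consumer is that every handler must be idempotent (the same order id may arrive twice), and the consequence for FIFO is that a slow consumer on one message group holds back the whole group.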
Simple Notification Service (SNS)
- Paging in the cloud – notification service
- Publish-subscribe (pub-sub) messaging model based on "topics"
Publishers
- Push messages to topics
- Topic = named message channel, e.g. Admin or Performance Alerts
- CloudWatch or Cost Explorer can be a publisher
Subscribers
- Clients receiving notifications
- Receive all messages broadcast to the topic
- Publisher and subscriber aren't aware of each other
SNS Features
- Stored across multiple AZs
- Several delivery options including HTTP/HTTPS, Email, SMS (Short Message Service), Lambda, SQS
SNS Message Limits
- Up to 256 KB of data
- Max size of a single SMS is 140 bytes
- Larger SMS messages are split into multiple parts
- Aggregate SMS size is 1600 bytes
Simple Workflow (SWF)
- Defines the sequence of events required to complete a workflow
- Used in decoupled applications
- It was the first full-featured workflow management solution in AWS
Workflow
- Activities that result in the desired objective, plus the logic that controls them
- Decider: the code that reads the workflow history and decides which activity runs next
- Operates in a domain
- A domain is a logical boundary in SWF that constrains the scope of workflows and activities
SWF Activity Task
- One invocation of an activity, e.g. processing an order
- May be invoked multiple times, e.g. once per item of a multi-item order
SWF Activity Workers
- The apps that receive and process activity tasks
Step Functions – SWF Replacement
- AWS recommended service for workflows, eventually to replace SWF
- Similar to SWF in functionality, but the workflow logic is a state machine defined declaratively (Amazon States Language, JSON) rather than a decider you write and host
- State machine concepts
- The state machine definition takes the place of the SWF decider
- Activities: tasks polled and completed by your own workers (the SWF activity worker model)
- Task = single unit of work (a Lambda function, another AWS service, or an activity)
- Choice = branching logic
- Parallel = multiple branches run concurrently
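To show what "Task, Choice, Parallel" mean at runtime, here is an added example, not from the notes: a minimal local interpreter for that subset of the Amazon States Language (plus Succeed and Fail), run against a constructed order-handling definition. The Lambda ARNs are placeholders mapped to local Python callables; real Step Functions invokes the resources itself and supports many more states and Choice operators than are implemented here.

```python
"""Added example (not from the notes): a minimal interpreter for the
Amazon States Language subset the notes name (Task, Choice, Parallel, plus
Succeed/Fail), run locally so the branching can be seen without deploying.
The state machine and the task functions below are constructed; real Step
Functions invokes Task resources (Lambda ARNs, service integrations) and
supports more states and Choice operators than implemented here.
"""
import copy

ARN = "arn:aws:lambda:us-east-1:123456789012:function:"  # placeholder account/region

# Constructed stand-ins for Lambda functions, keyed by the Resource ARN string.
TASKS = {
    ARN + "ScanOrder": lambda inp: {**inp, "risk": "high" if inp["amount"] > 1000 else "low"},
    ARN + "Charge": lambda inp: {**inp, "charged": True},
    ARN + "NotifyFraudTeam": lambda inp: {**inp, "fraud_ticket": f"T-{inp['order']}"},
    ARN + "Ship": lambda inp: {**inp, "shipped": True},
}


class ExecutionFailed(Exception):
    """Raised when a Fail state is reached or no Choice rule matches."""


def choice_matches(rule, data):
    value = data.get(rule["Variable"].lstrip("$."))  # "$.risk" -> data["risk"]
    if "StringEquals" in rule:
        return value == rule["StringEquals"]
    if "NumericGreaterThan" in rule:
        return value > rule["NumericGreaterThan"]
    raise ValueError(f"unsupported choice operator in {rule}")


def run(definition, data, path=()):
    """Execute a state machine (or one Parallel branch); return output and visited states."""
    states, name = definition["States"], definition["StartAt"]
    data = copy.deepcopy(data)
    trace = list(path)
    while True:
        state = states[name]
        trace.append(name)
        kind = state["Type"]
        if kind == "Task":
            data = TASKS[state["Resource"]](data)
        elif kind == "Choice":
            nxt = next((r["Next"] for r in state["Choices"] if choice_matches(r, data)),
                       state.get("Default"))
            if nxt is None:
                raise ExecutionFailed("States.NoChoiceMatched")
            name = nxt
            continue
        elif kind == "Parallel":
            # Each branch gets a copy of the input; the output is the list of branch outputs.
            data = [run(branch, data, trace)["output"] for branch in state["Branches"]]
        elif kind == "Succeed":
            return {"output": data, "trace": trace}
        elif kind == "Fail":
            raise ExecutionFailed(state.get("Error", "States.Fail"))
        else:
            raise ValueError(f"unsupported state type {kind}")
        if state.get("End"):
            return {"output": data, "trace": trace}
        name = state["Next"]


# Constructed definition: scan the order, branch on risk, then charge and ship in parallel.
ORDER_MACHINE = {
    "StartAt": "ScanOrder",
    "States": {
        "ScanOrder": {"Type": "Task", "Resource": ARN + "ScanOrder", "Next": "RiskCheck"},
        "RiskCheck": {"Type": "Choice",
                      "Choices": [{"Variable": "$.risk", "StringEquals": "high", "Next": "Escalate"}],
                      "Default": "Fulfil"},
        "Escalate": {"Type": "Task", "Resource": ARN + "NotifyFraudTeam", "Next": "Rejected"},
        "Rejected": {"Type": "Fail", "Error": "OrderRejected"},
        "Fulfil": {"Type": "Parallel", "End": True, "Branches": [
            {"StartAt": "Charge", "States": {"Charge": {"Type": "Task", "End": True,
                                                        "Resource": ARN + "Charge"}}},
            {"StartAt": "Ship", "States": {"Ship": {"Type": "Task", "End": True,
                                                    "Resource": ARN + "Ship"}}},
        ]},
    },
}

if __name__ == "__main__":
    print(run(ORDER_MACHINE, {"order": 1, "amount": 50}))
```

The trace list is the equivalent of the execution history the console shows; a Choice with no matching rule and no Default fails the execution, which is why a Default branch belongs in every Choice that handles external input.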
OpsWorks
- Configuration management solution in AWS to standardize deployments
- Configure (code-based)
- Instance deployment
- Service deployment
- Application deployment
- Operate
- Application updates
- Infrastructure updates
- Automated deployment solution
- Similar to the Microsoft Deployment Toolkit for deploying solutions
OpsWorks Stacks
- Initial OpsWorks mode
- A stack is a collection of layers, e.g. an AWS service or a runtime environment
OpsWorks for Chef Automate
- Cookbooks contain recipes
- Recipes are the equivalent of layers: they define configuration settings; admin, AWS or 3rd-party defined
OpsWorks for Puppet Enterprise
- Puppet master servers with pre-configured modules, where modules are the equivalent of layers
Prebuilt Layers
- Ruby
- Java
- PHP
- Node.js
- Amazon RDS
- MySQL
- HAProxy
OpsWorks Use cases
- In the cloud
- Chef
- Puppet
- On-premises (local)
- Stacks
Cognito
- User identity and synchronization service ("login with" for web and mobile apps)
- Single Sign-On (SSO)
- Public identity providers
- Google, Facebook, Amazon
- Private identity providers
- AD services via Security Assertion Markup Language (SAML)
- Based on open standards
- OAuth 2.0, SAML 2.0, OpenID Connect
- Profile management
- Scales to millions of users
AWS Integration
- Cognito identity pools control access to AWS resources by exchanging a user's token for temporary AWS credentials
- Defines an authenticated and an unauthenticated IAM role
- Maps users to roles, either from token claims or from rules; a user that matches no rule should be denied rather than handed the default role
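The "maps users to roles" step is where privilege is decided, so here is an added example (not from the notes) of how rule-based role mapping in a Cognito identity pool resolves a role: rules are evaluated in order against claims in the user's ID token (Claim, MatchType, Value -> RoleARN), the first match wins, and AmbiguousRoleResolution decides what happens when none matches. The rules, role ARNs and sample claims are constructed, and the tokens are plain dicts rather than signed JWTs, so this shows the mapping only; Cognito verifies the token signature before it gets this far.

```python
"""Added example (not from the notes): how a Cognito identity pool maps a
federated user to an IAM role with rule-based role mapping.  Rules are
evaluated in order against claims in the user's ID token (Claim, MatchType,
Value -> RoleARN); the first match wins, and AmbiguousRoleResolution says
what happens when nothing matches.  The rules, role ARNs and sample claims
are constructed; the tokens are plain dicts, not signed JWTs, so this
shows mapping only, not token verification (which Cognito does first).
"""

MATCHERS = {
    "Equals": lambda claim, value: claim == value,
    "NotEqual": lambda claim, value: claim != value,
    "Contains": lambda claim, value: value in claim,
    "StartsWith": lambda claim, value: claim.startswith(value),
}


def resolve_role(role_mapping, authenticated_role, claims):
    """Return the IAM role ARN for these claims, or None when access is denied."""
    for rule in role_mapping["RulesConfiguration"]["Rules"]:
        claim_value = claims.get(rule["Claim"])
        if claim_value is None:
            continue  # claim absent: this rule cannot match
        if MATCHERS[rule["MatchType"]](str(claim_value), rule["Value"]):
            return rule["RoleARN"]
    if role_mapping["AmbiguousRoleResolution"] == "AuthenticatedRole":
        return authenticated_role  # fall back to the pool's default authenticated role
    return None  # "Deny": no credentials are issued


# Constructed mapping for a SAML provider (for example AD FS) federated into the pool.
ROLE_MAPPING = {
    "Type": "Rules",
    "AmbiguousRoleResolution": "Deny",
    "RulesConfiguration": {"Rules": [
        {"Claim": "custom:department", "MatchType": "Equals", "Value": "security",
         "RoleARN": "arn:aws:iam::123456789012:role/CognitoSecurityTeam"},
        {"Claim": "custom:department", "MatchType": "StartsWith", "Value": "eng",
         "RoleARN": "arn:aws:iam::123456789012:role/CognitoEngineer"},
        {"Claim": "email", "MatchType": "Contains", "Value": "@example.com",
         "RoleARN": "arn:aws:iam::123456789012:role/CognitoStaffReadOnly"},
    ]},
}
AUTHENTICATED_ROLE = "arn:aws:iam::123456789012:role/CognitoAuthenticatedDefault"

if __name__ == "__main__":
    for claims in ({"custom:department": "security"}, {"custom:department": "engineering"},
                   {"email": "b@example.com"}, {"email": "x@evil.example"}):
        print(claims, "->", resolve_role(ROLE_MAPPING, AUTHENTICATED_ROLE, claims))
```

Two details matter in practice: rule order (a broad "Contains @example.com" rule placed first would shadow the department rules), and the choice of Deny over AuthenticatedRole, which is what keeps a user with an unexpected claim set from receiving whatever the default role allows.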
Elastic MapReduce (EMR)
- Distributes processing across clusters
- Implements managed Hadoop framework
- Pulls data from S3 buckets
- Uses EC2 instances in the background
- User defines the number and type of nodes in the cluster
- MapReduce = "map" the work across many processors, then "reduce" (aggregate) their partial results, instead of using a single processor
- Used to process massive amounts of data efficiently
EMR Cluster Nodes
- Master
- Coordinates job distribution across core and task nodes
- Distributor
- Core
- Runs tasks assigned by the master node (compute)
- Save data in the cluster (store)
- Compute + Store
- Task
- Runs only tasks that do not store data (compute)
- Compute only
CloudFormation
- Deployment templates used to build stacks
- Stacks/ entire solution sets are deployed automatically
- Can launch instances with sec. groups, subnets, IAM users, roles and more
- Why use it
- Rapid deployment
- Mirror existing internal architectures
- Take advantage of templates created by others
- CloudFormation resource properties change often; check the resource reference for new features before writing a template
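Because a template launches security groups and IAM roles in one shot, a weak setting is replicated into every stack built from it. Here is an added example, not from the notes: a pre-deployment check over a CloudFormation template that flags security-group ingress from anywhere to admin ports (or to all ports) and IAM policies that allow every action on every resource. The template is a constructed JSON snippet with one deliberately open rule and one over-broad policy; resource names are hypothetical, and only the JSON form is read (YAML templates would need a YAML parser).

```python
"""Added example (not from the notes): a pre-deployment check over a
CloudFormation template, since a template launches security groups, IAM
roles and more in one shot and a weak setting is replicated into every
stack built from it.  The template below is a constructed JSON snippet with
one deliberately open security group rule and one over-broad IAM policy;
resource names are hypothetical.  It reads the JSON form (CloudFormation
also accepts YAML, which would need a YAML parser).
"""
import json

ADMIN_PORTS = {22, 3389}
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def _as_list(x):
    return x if isinstance(x, list) else [x]


def check_security_group(name, props):
    """Flag ingress from anywhere to admin ports or to all ports."""
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        open_world = rule.get("CidrIp") == ANY_IPV4 or rule.get("CidrIpv6") == ANY_IPV6
        if not open_world:
            continue
        proto = str(rule.get("IpProtocol", ""))
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1" or lo is None or hi is None:
            findings.append(f"{name}: all traffic open to the internet")
        elif any(lo <= p <= hi for p in ADMIN_PORTS):
            findings.append(f"{name}: admin port range {lo}-{hi} open to the internet")
    return findings


def check_iam_policy(name, document):
    """Flag Allow statements granting every action on every resource."""
    findings = []
    for st in _as_list(document.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append(f"{name}: Allow */* (full admin) in policy")
    return findings


def lint_template(template):
    """Return a list of human-readable findings for the whole template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            findings += check_security_group(name, props)
        elif rtype in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
            findings += check_iam_policy(name, props.get("PolicyDocument", {}))
        elif rtype == "AWS::IAM::Role":
            for pol in props.get("Policies", []):  # inline policies on the role
                findings += check_iam_policy(f"{name}/{pol.get('PolicyName')}",
                                             pol.get("PolicyDocument", {}))
    return findings


# Constructed template (JSON), not from any real stack.
SAMPLE_TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "web", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "BastionSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "bastion", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}},
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": []},
      "Policies": [{"PolicyName": "too-broad", "PolicyDocument": {"Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}}
  }
}
""")

if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print("FINDING:", finding)
```

A check like this belongs in the pipeline step before the stack is created, where it costs nothing to fix; the same two classes of finding are what Trusted Advisor's security checks and IAM Access Analyzer report after the fact.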
CloudWatch
- AWS monitoring solution
- Monitors the cloud and on-premises systems
- Dashboards
- Logs
- Events
- Alarms
- Why use it
- Monitor critical systems
- Receive notifications related to performance and security
- Push on-prem logs into the cloud
- Take automatic actions based on alarms
- CloudWatch Logs Insights: a query language and console for searching and aggregating CloudWatch Logs data
Trusted Advisor
- AWS service that evaluates your environment and can provide recommendations for improvement
- A core set of security and service-limit checks is available to every account at no charge
- With a Business or Enterprise support plan you receive the full set of checks, including performance and cost optimization
Organizations
- Collection of AWS accounts under one management account (whole accounts, not IAM users)
- Centralized
- One management interface
- Consolidated billing
- Account management
- No additional charge to use
Organizational Unit (OU)
- Hierarchical account management
- OUs nest up to 5 levels deep under the root
- Service control policies (SCPs) attached to the root, OUs or accounts set the maximum permissions available in the accounts beneath them; they do not grant permissions by themselves
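How SCPs combine down the OU tree is the part that is usually misunderstood, so here is an added example, not from the notes: for an action to pass the SCP filter, every level from the root through each nested OU to the account must have an attached SCP that allows it, and no SCP at any level may explicitly deny it; only then does the account's own IAM policy get a say. The OU tree, policies and actions are constructed, and the default FullAWSAccess SCP is represented as an Allow on * / *.

```python
"""Added example (not from the notes): how service control policies (SCPs)
combine down an Organizations hierarchy.  For an action to pass the SCP
filter, every level from the root through each nested OU to the account must
have an attached SCP that allows it, and no SCP at any level may explicitly
deny it; SCPs never grant permissions, they only bound what IAM in the
account can grant.  The OU tree, policies and actions are constructed; the
default FullAWSAccess SCP is represented as Allow */*.
"""
from fnmatch import fnmatch

FULL_AWS_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def _as_list(x):
    return x if isinstance(x, list) else [x]


def statement_matches(st, action):
    """IAM-style wildcard match, e.g. "s3:*" matches "s3:GetObject"."""
    return any(fnmatch(action, pattern) for pattern in _as_list(st.get("Action", [])))


def policy_verdict(policy, action):
    """'Deny' if an explicit deny matches, else 'Allow' if an allow matches, else None."""
    verdict = None
    for st in _as_list(policy["Statement"]):
        if statement_matches(st, action):
            if st["Effect"] == "Deny":
                return "Deny"
            verdict = "Allow"
    return verdict


def scp_allows(node, action):
    """Walk from the account up to the root; every level must allow and none may deny."""
    depth = 0
    while node is not None:
        verdicts = [policy_verdict(p, action) for p in node["scps"]]
        if "Deny" in verdicts or "Allow" not in verdicts:
            return False
        node, depth = node.get("parent"), depth + 1
        if depth > 7:  # root + up to 5 nested OUs + account
            raise ValueError("OU nesting deeper than Organizations permits")
    return True


# Constructed hierarchy: Root -> Workloads OU -> Prod OU / Sandbox OU -> accounts.
ROOT = {"name": "Root", "parent": None, "scps": [FULL_AWS_ACCESS, {
    # Guardrail applied to every account: nobody can leave or stop logging.
    "Statement": [{"Effect": "Deny", "Resource": "*",
                   "Action": ["organizations:LeaveOrganization", "cloudtrail:StopLogging"]}]}]}
WORKLOADS = {"name": "Workloads", "parent": ROOT, "scps": [FULL_AWS_ACCESS]}
PROD = {"name": "Prod", "parent": WORKLOADS, "scps": [{
    # Allow-list style OU: FullAWSAccess detached, only these services permitted.
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*", "cloudtrail:*"], "Resource": "*"}]}]}
SANDBOX = {"name": "Sandbox", "parent": WORKLOADS, "scps": [FULL_AWS_ACCESS]}
PROD_ACCOUNT = {"name": "111111111111", "parent": PROD, "scps": [FULL_AWS_ACCESS]}
SANDBOX_ACCOUNT = {"name": "222222222222", "parent": SANDBOX, "scps": [FULL_AWS_ACCESS]}

if __name__ == "__main__":
    for account in (PROD_ACCOUNT, SANDBOX_ACCOUNT):
        for action in ("s3:GetObject", "iam:CreateUser", "cloudtrail:StopLogging"):
            print(account["name"], action, "->", scp_allows(account, action))
```

The walk shows why detaching FullAWSAccess from an OU (as done on Prod) silently cuts off every service not re-allowed there, and why a Deny at the root cannot be undone by a more permissive SCP lower down.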